ClawHub

cloudflare-mail-address-creator

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it creates temporary mail addresses through a disclosed admin API, but its credentials and returned mailbox tokens need careful handling.

Install only if you recognize and intend to use this Cloudflare temporary mail system and control the target domain/API. Use a dedicated revocable admin credential, verify mailbox names and batch size before running, and treat terminal output and any JSON/CSV files as sensitive because they may contain mailbox access tokens or passwords.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to use environment variables, read and write local files, and make authenticated network calls, but it declares no permissions. This creates a capability-transparency gap: a reviewer or runtime may underestimate what the skill can access, increasing the risk of unintended secret use, filesystem access, and outbound requests to an admin API.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill enables implicit invocation without any visible trigger scoping, confirmation requirement, or narrowing conditions. Because this skill performs an administrative mailbox-creation action against a backend API, broad auto-selection increases the chance that unrelated user requests could trigger privileged side effects, leading to unauthorized or unintended account/resource creation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explicitly supports exporting API results to stdout and files, and those results include sensitive fields such as mailbox JWTs and possibly passwords. In an agent skill context, this is risky because operators may persist secrets to disk, logs, artifacts, or shared workspaces without realizing the security implications, increasing the chance of credential leakage and unauthorized mailbox access.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The examples instruct users to place an admin authentication secret in an environment variable but provide no warning about credential sensitivity, scope, rotation, or avoiding disclosure in logs and screenshots. In a skill specifically designed to call an admin mailbox-creation API, mishandling this token could enable unauthorized mailbox provisioning and broader administrative abuse.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The examples show batch mailbox creation and writing results to a local CSV file without warning that this performs real account creation and may persist sensitive output such as created addresses and returned tokens. In this skill’s context, the risk is elevated because the tool targets an admin API, so accidental execution can create unauthorized resources and leave sensitive artifacts on disk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script writes API-returned mailbox credentials, including JWTs and passwords, to an arbitrary output file without any warning, redaction, or permission hardening. In this skill's context, those secrets are the primary sensitive output, so silently persisting them increases the chance of credential disclosure through world-readable files, accidental commits, shared workspaces, or shell automation.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal